|| [New Web Interface Only] On the Cloud Email Security Management Console, click the gear icon to load the legacy web interface.
|| Choose Management Appliance > System Administration > LDAP.
|| Enter a name for the server profile in the Server Profile Name text field.
|| Enter the host name for the LDAP server in the Name(s) text field.
You can enter multiple host names to configure the LDAP servers for failover or load-balancing. Separate multiple entries with commas. For more information, see Configuring AsyncOS to Work With Multiple LDAP Servers.
|| Select an authentication method. You can use anonymous authentication or specify a user name and password.
|| You need to configure LDAP authentication to view client user IDs instead of client IP addresses on reports. Without LDAP authentication the system can only refer to users by their IP address. Choose the Password radio button, and enter the User name and password. The user name will now be seen on the Internal Users Summary page.
|| Select the LDAP server type: Active Directory, OpenLDAP, or Unknown or Other.
|| Enter a port.
The default port is 3268. This is the Active Directory port that provides access to the global catalog in a multi-server environment.
|| Enter a base DN (distinguished name) for the LDAP server.
If you authenticate with a user name and a password, the user name must include the full DN to the entry that contains the password. For example, a user with an email address of email@example.com is a user of the marketing group. The entry for this user would look like the following entry:
uid=joe, ou=marketing, dc=example, dc=com
|| Under Advanced, select whether to use SSL when communicating with the LDAP server.
|| Enter the cache time-to-live. This value represents the amount of time to retain caches.
|| Enter the maximum number of retained cache entries.
|| Enter a maximum number of simultaneous connections.
If you configure the LDAP server profile for load balancing, these connections are distributed among the listed LDAP servers. For example, if you configure 10 simultaneous connections and load balance the connections over three servers, AsyncOS creates 10 connections to each server, for a total of 30 connections.
For more information, see
|| The maximum number of simultaneous connections includes LDAP connections used for LDAP queries. However, if you enable LDAP authentication for the spam quarantine, the appliance allows 20 additional connections for the end user quarantine for a total of 30 connections.
|| Test the connection to the server by clicking the Test Server(s) button. If you specified multiple LDAP servers, they are all tested. The results of the test appear in the Connection Status field. For more information, see Testing LDAP Servers.
|| Create spam quarantine queries by selecting the check box and completing the fields.
You can configure the quarantine end-user authentication query to validate users when they log in to the end-user quarantine. You can configure the alias consolidation query so that end-users do not receive quarantine notices for each email alias. To use these queries, select the “Designate as the active query” check box. For more information, see Configuring LDAP Queries.
|| Test the spam quarantine queries by clicking the Test Query button.
Enter the test parameters and click Run Test. The results of the test appear in the Connection Status field. If you make any changes to the query definition or attributes,
|| If you have configured the LDAP server to allow binds with empty passwords, the query can pass the test with an empty password field.
|| Submit and commit your changes.
Directory server configurations do not allow authentication through TLS with Windows 2000. This is a known issue with Active Directory. TLS authentication for Active Directory and Windows 2003
|| Although the number of server configurations is unlimited, you can configure only one end-user authentication query and one alias consolidation query per server.
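
The following Python sketch is an added example, not Cisco code: it lints the values you are about to enter in the server profile form, checking that the bind user name is a full DN, flagging anonymous authentication and password authentication without SSL, and working out the connection counts described in the steps above. The dictionary keys and host names are hypothetical and the sample values are constructed.

```python
import re

# Attribute type (name or dotted OID), "=", then a non-empty value.
RDN = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\s*=\s*(.+?)\s*$")
QUARANTINE_EXTRA = 20  # additional connections cited above for end-user quarantine auth


def check_bind_dn(dn):
    """Return reasons why dn does not look like a full DN (a lint, not an RFC 4514 parser)."""
    problems = []
    # Split on unescaped "," (between RDNs) and "+" (inside a multi-valued RDN).
    for part in re.split(r"(?<!\\)[,+]", dn):
        m = RDN.match(part)
        if not m:
            problems.append(f"not attr=value: {part.strip()!r}")
        elif re.search(r"(?<!\\)=", m.group(2)):
            # Heuristic: a second "=" is legal in a value but usually means a lost comma.
            problems.append(f"missing comma? {part.strip()!r}")
    return problems


def lint_profile(p):
    """Lint a dict of form values; the key names are hypothetical, not AsyncOS identifiers."""
    hosts = [h.strip() for h in p["hosts"].split(",") if h.strip()]
    findings = []
    if p["auth"] == "anonymous":
        findings.append("anonymous auth: reports can only show client IP addresses")
    else:
        findings += [f"user name: {x}" for x in check_bind_dn(p["user_name"])]
        if not p["use_ssl"]:
            findings.append("SSL off: a simple bind sends the DN and password unencrypted")
    connections = {
        "per_server": p["max_connections"],
        # Load balancing opens the configured maximum to every listed server.
        "load_balanced_total": p["max_connections"] * len(hosts),
        "quarantine_extra": QUARANTINE_EXTRA if p["quarantine_auth"] else 0,
    }
    return findings, connections


if __name__ == "__main__":
    # Constructed sample: three hosts and a DN with a comma dropped between two components.
    sample = {"hosts": "ldap1.example.com, ldap2.example.com, ldap3.example.com",
              "auth": "password", "user_name": "uid=joe, ou=marketing, dc=example dc=com",
              "use_ssl": False, "max_connections": 10, "quarantine_auth": True}
    findings, connections = lint_profile(sample)
    print("\n".join(findings))
    print(connections)
```

The DN check is deliberately stricter than the LDAP grammar, so treat a "missing comma?" finding as a prompt to re-read the entry rather than as proof of an error.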